First Direct Update

But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of my questions, but I think we’re a lot closer to the truth. Here’s what I was told.

@davorg Hi Dave, I can confirm that the password is encrypted. Security and safety will always be a priority for first direct. ^GD

First Direct say they store the passwords “encrypted”, but it’s unclear exactly what that means

It was a business decision to limit the length of the passwords, but we don’t know why that was considered a good idea

It still appears that First Direct believe that security by obscurity is an important part of their security policy

I haven ‘t really been reassured by this interaction with First Direct. I felt that the first customer support agent I talked to tried to fob me off with glib truisms, but “^GD” tried to actually get answers to my questions – although his obvious lack of knowledge in this area meant that I didn’t really get the detailed answers that I wanted.

I’m not sure that there’s anything to be achieved by pushing this any further.